
irc2.10.3p6



Hello,

Due to recently discovered serious bugs in the PART and KICK routines,
I am forced to release yet another patchlevel release for the 2.10.3
series, 2.10.3p6.

The sources can be found at the usual place:
        ftp://ftp.irc.org/irc/server/irc2.10.3p6.tgz

Upgrade is required ASAP.

The bug in PART creates a desync with the network and allows "hiding"
on channels. A specially crafted PART message can result in parting
from different channels on the local server and the rest of the network.
This makes all servers in the network not see the client sitting on
the channel (so no one can kick him as well) and leaks channel
information (members, keys) to the abuser. This, however, requires
that the client was able to join such a channel first.

The bug found in the KICK routine also caused channel desync, and a similar
scenario as above could have been exploited. (This also fixes
these "NJOIN protocol error" messages.)

There is also a bugfix for autoconnect not doing its work.

Having the possibility to do a release, I've also backported some of the fixes
from the 2.11 tree. Although they probably do not belong in a patchlevel release,
they seem to be a valuable addition (I especially like the new command: POST).
Read doc/ChangeLog for more.

p.

-- 
Beware of he who would deny you access to information, for in his
heart he dreams himself your master.   -- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/  -- Polish version of the quiz for nerds ;)